Security has become one of the most vital aspects amongst businesses due to the sudden shift of employees to full-time remote work, thanks to COVID-19 pandemic.
"According to a research conducted by LastPass, the top security concerns amongst IT leaders include securing data (75%) to reducing risk (68%) and securing new technologies (68%)."
Today, security of people’s data using new technologies like video conferencing tools and collaboration software has become critical. We are now seeing miscreants starting a series of attacks that are directly targeted towards video conferencing technologies and their users.
In this blog, we will talk about the various attacks that people can face while having virtual meetings and how to mitigate them.
Video Conferencing Security Risks to Guard Against
Here are some of the video conferencing security risks that you have to guard against while carrying out online meetings:
This is a type of attack wherein an uninvited guest joins the video conferencing meeting either to listen to the conversation or disrupt the meeting by sharing inappropriate media.
This type of incident occurs when you do not require a password to join the online meeting or the attacker is able to decipher or guess the meeting ID.
In simple words, we call it war dialing. With the help of the war dialing software, the attacker is able to find out the meeting ID along with the meeting name and the meeting organizer.
Malicious Links in Chat
Once an attacker gets into the meeting room, they can trick the participants into clicking on malicious links shared through chat. This way, they end up stealing credentials. This makes it even more crucial to have passwords for all the meetings.
Stolen Meeting Links
There are times when you reuse links, however, this makes it easier for the attackers to use. To avoid this, our suggestion is to turn on notifications that let you know when someone joins your meeting room without you. You can go one step further by disallowing others from joining your meeting before you do by disabling “Join before Host.”
Best Practices of Secured Video Conferencing
Since you are now aware of the security risks that you need to guard against while carrying out video conferences, in the next section we will provide you the best practices to perform to conduct a secured video conferencing session.
So, without further ado, let’s get started.
Be Extra Vigilant While Sharing Your Meeting ID
You might think of inviting as many people as possible in the meeting or live event, however, it can expose your Meeting ID on social media, websites, or public forums which can attract the wrong kind of participants.
There are quite a few practical examples wherein participants have shared inappropriate content in “all-welcome” events. Hence, you need to be careful about this, especially, when the meeting also involves children. Hence, we recommend you to use a One-Time Meeting ID.
Remember, if you do not reveal your Personal Meeting ID to the public, chances are, your future meetings will not attract unwanted guests.
Always make it a Point to Use Passcodes
As a meeting host, we recommend you apply both moderator and participant pass-codes, if possible to ensure maximum security. The moderator pass-code requires the meeting host to enter an exclusive code to commence the meeting. This ensures that there is no risky behavior before the host arrives at the online meeting.
When you also mandate participant pass-code, it provides an additional layer of security. In simple words, it allows only those having the correct code to join the meeting. There are certain
video conferencing services that provide advanced fraud detection to detect and report repeated login failures and meeting join failures. This way, you can keep malicious intruders from scanning your meeting IDs over a period of time.
There are certain providers that share some degree of data with third parties, some share personal data of individual participants to third parties, while others provide aggregated information, including duration, location, and the number of participants.
In case, a system shares personal data with third parties, most of the countries’ laws require them to communicate this to the meeting participants. If you are unclear on this, take guidance from your legal counsel.
Be Vigilant of Meeting Joiners
Meeting hosts have the right to know who joins the meetings in a variety of ways, depending on the system they are using. Most of the providers enable the host to set an audible alert to notify them when a new participant joins the meeting.
There are others that display entry and exit banners with the names of the joining participants on-screen. We also suggest the host check out the meeting roster to verify the list of participants on the video conference.
If you see any unrecognized or anonymous names on the list, ask them to confirm their identity through chat or voice.
Master the Controls
To prevent unwanted participants from joining the meeting ensure that the system you’re using enables the host to drop a participant and prevent them from re-joining. There are certain systems that lock a meeting once all the required participants are present in the online meeting. This is critical when you plan to discuss sensitive and confidential information.
Let’s now look at some of the ways to overcome the problems that occur while conducting virtual meetings.
- A common problem happens when the meeting host needs to attend back-to-back meetings using their Personal Meeting ID. This is where we highly recommend using a One-Time Meeting ID to ensure that there are no unnecessary trespassing during the online meeting.
- Most of the systems enable the host to mute the audio and video of certain or all the participants. And put the meeting in “host-only” mode. Whenever a participant has any doubts, they can raise their hands and ask questions through voice or chat.
- There are certain platforms that provide screen share features too. This feature comes in quite handy to explain things to the participants in one go.
Use Live Meeting Controls for Large Meetings & Events
There are times when companies have to conduct large meetings or events with more than 25 people. In such cases, they need to invest in systems that have an appropriate capabilities and security features.
When you select a video conferencing software like Viewup which is designed for large groups, it enables hosts to delegate the job of monitoring and controlling the meeting participants. It also assists in moderating Q & A sessions.
Always Go for Browser-Based Meetings to Avoid Download Delays
There are certain platforms that need you to install software that delays the meeting start time and potentially violates corporate policies.
If you wish to avoid your participants from having to download software before joining the meeting, opt for video conferencing providers like Viewup that support browser-based options that use the WebRTC real-time communications standard, where users simply have to click on a link to join a meeting in a web browser.
Always Practice Basic Security Protocol
According to a 2014 report published by online security experts, Check Point it was found that 90% of cyber-attacks commence with a phishing campaign. In case you receive a link by email or social channels to join a video conference, immediately get in touch with the sender to check its legitimacy.
Never open links and attachments from an unknown sender. Also, look out for the classic clues of cybercrime like spelling mistakes in URLs and emails.
Watch Out for Updates
Developers release patches for a reason. Either to add a new feature or to fix bugs and vulnerabilities. Remember, if you do not update the software, it can become vulnerable to malicious elements looking for software flaws that can be exploited to their advantage.
Hence, it is advised that you always update your app to the latest version to address vulnerabilities.
The current COVID-19 situation has made video conferencing a vital component of the remote workplace. As it becomes more prevalent, security will become a more significant issue. While the best practices that we have mentioned in this blog are not silver bullets for video conferencing security, they can help both organizations and individuals to have a better and safer online meeting experience.